Is there a way to query Exchange 2007, using the Exchange PowerShell add-in, to distinguish who is an ActiveSync user and who is a BlackBerry user?
views: 3052
answers: 7
You could query to see which mailboxes have the necessary permission enabled - just as you could see which mailboxes are OWA-enabled. That won't actually tell you who is USING the capability, merely who COULD.
BBES typically uses a service account that has access to ALL mailboxes in order to do its thing. You will want to look at the BBES server itself to find out which users are active, not AD or Exchange. Because BBES is backed by a database, just dig into the dbo.UserStats table to see what's there.
To be upfront, I need to be able to either enable or disable ActiveSync, and I am scratching my head on how. For now I'm parsing through the IIS logs to see who is accessing it, but I'd like to disable/enable ActiveSync on a user-by-user basis.
Thanks in advance.
I did find this vbscript from this website http://blogs.technet.com/mjimenez/archive/2007/07/30/how-do-i-programmatically-disable-enable-microsoft-exchange-active-sync-for-all-of-my-mobile-users.aspx
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' DISABLEEAS.VBS
''
'' Disables Exchange Server 2003 Active Sync for the specified OU in the default domain
''
'' usage: cscript disableeas
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Below are the values for the msExchOmaAdminWirelessEnable Exchange attribute that can be modified.
' 5 = disable EAS and keep OMA enabled.(default)
' 7 = disable all mobile features.
' 0 = enable all mobile features. (not recommended)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
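'' Create log file instance
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Opens c:\disableeas.log for writing and stops the script if that fails.
' NOTE(review): mode 2 (ForWriting) truncates the file on every run, so the record of
' which accounts an earlier run modified is overwritten. Mode 8 (ForAppending) would
' keep the history if this log is meant to serve as a change record.
On Error Resume Next
Err.Clear
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile("c:\disableeas.log", 2, True, 0)
If Err.Number <> 0 Then
    ' Capture the details first: On Error GoTo 0 resets the Err object.
    strErrText = Err.Number & ": " & Err.Description
    On Error GoTo 0
    ' The log file could not be opened, so objLogFile is not usable here.
    ' Report on the console only; writing to the log would raise a second error.
    WScript.Echo "ERROR: Failed to create a log file. Program execution halted."
    WScript.Echo "Detail: " & strErrText
    Set objFSO = Nothing
    ' Quit comes last (nothing after it runs) and returns a non-zero exit code.
    WScript.Quit 1
Else
    ' Successfully created disableeas.log. Restore normal error handling.
    On Error GoTo 0
    objLogFile.WriteLine "disableeas.log created successfully"
End If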
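'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Determine DNS domain name
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Base OU for the search, relative to the domain root, for example "OU=Production".
' NOTE(review): when this is left empty the search base built later is the domain
' root, so every account in the domain that matches the filter is modified.
strBaseOU = ""

' Error trapping must be on for the check below to work. Without it a failed bind
' stops the script with an unhandled runtime error and the branch never runs.
On Error Resume Next
Err.Clear
Set objRootDSE = GetObject("LDAP://rootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
If Err.Number <> 0 Then
    ' Capture the details first: On Error GoTo 0 resets the Err object.
    strErrText = Err.Number & ": " & Err.Description
    On Error GoTo 0
    ' Attempt to bind to Active Directory failed.
    objLogFile.WriteLine "ERROR: Binding to Active Directory Failed. Program execution halted."
    objLogFile.WriteLine "Detail: " & strErrText
    WScript.Echo "ERROR: Binding to Active Directory Failed. Program execution halted."
    ' Close the log before quitting; statements after WScript.Quit never run.
    objLogFile.Close
    Set objFSO = Nothing
    WScript.Quit 1
Else
    ' Active Directory bind successful
    On Error GoTo 0
    objLogFile.WriteLine "Binding to Active Directory successful"
End If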
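'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Setup ADO for Active Directory
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Error trapping must be on for the check below to work. Without it a failed
' CreateObject or Open stops the script with an unhandled runtime error.
On Error Resume Next
Err.Clear
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
If Err.Number <> 0 Then
    ' Capture the details first: On Error GoTo 0 resets the Err object.
    strErrText = Err.Number & ": " & Err.Description
    On Error GoTo 0
    ' ADO setup for the Active Directory provider failed.
    objLogFile.WriteLine "ERROR: ADO Setup for Active Directory Failed. Program execution halted."
    objLogFile.WriteLine "Detail: " & strErrText
    WScript.Echo "ERROR: ADO Setup for Active Directory Failed. Program execution halted."
    ' Close the log before quitting; statements after WScript.Quit never run.
    objLogFile.Close
    Set objFSO = Nothing
    WScript.Quit 1
Else
    ' ADO Active Directory setup successful
    On Error GoTo 0
    objLogFile.WriteLine "Active Directory setup successful"
End If

' Build the search base. With no OU specified the base is the whole domain.
If strBaseOU <> "" Then
    strBase = "<LDAP://" & strBaseOU & "," & strDNSDomain & ">"
Else
    strBase = "<LDAP://" & strDNSDomain & ">"
End If
' Echo the base so the operator can see the scope of the change before it is applied.
WScript.Echo strBase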
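'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Search for users with defined filters
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Selects mail-enabled user objects whose msExchOmaAdminWirelessEnable is not already 5.
' The negated term is written as (!(attr=value)), the form RFC 4515 defines.
' NOTE(review): userAccountControl=66048 is an exact-value match. 66048 is
' NORMAL_ACCOUNT (512) + DONT_EXPIRE_PASSWORD (65536), so an account with any other
' flag combination (a plain 512 account, for instance) is never returned and keeps
' its current mobile setting. If the intent is "all enabled accounts", a bitwise test
' such as (!(userAccountControl:1.2.840.113556.1.4.803:=2)) expresses that. Confirm
' the intended scope before changing it, because the filter decides which accounts
' get modified.
strFilter = "(&(objectCategory=person)(objectClass=user)(!(msExchOmaAdminWirelessEnable=5))(mail=*)(userAccountControl=66048))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Error trapping must be on for the check below to work. Without it a failed
' query stops the script with an unhandled runtime error.
On Error Resume Next
Err.Clear
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
    ' Capture the details first: On Error GoTo 0 resets the Err object.
    strErrText = Err.Number & ": " & Err.Description
    On Error GoTo 0
    ' Attempt to search within defined parameters failed.
    objLogFile.WriteLine "Attempt to search within defined parameters failed. Program execution halted."
    objLogFile.WriteLine "Detail: " & strErrText
    WScript.Echo "ERROR: Attempt to search within defined parameters failed. Program execution halted."
    ' Close the log before quitting; statements after WScript.Quit never run.
    objLogFile.Close
    Set objFSO = Nothing
    WScript.Quit 1
Else
    ' Search executed successfully
    On Error GoTo 0
    objLogFile.WriteLine "Search within defined parameters was successful"
End If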
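'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Enumerate all users
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Sets msExchOmaAdminWirelessEnable to "5" on every account the search returned.
' The run halts at the first failure. Accounts processed before that point stay
' modified, and the log is the only record of which ones they were.
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")

    ' Trap errors across the bind and the write so the check below sees a failure.
    On Error Resume Next
    Err.Clear
    ' A forward slash in a distinguished name has to be escaped inside an ADsPath.
    Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
    If Err.Number = 0 Then
        ' Probe read kept from the original; its result is discarded. Presumably it
        ' tolerates accounts where the attribute has never been set - TODO confirm.
        objUser.Get("msExchOmaAdminWirelessEnable")
        Err.Clear
        objUser.Put "msExchOmaAdminWirelessEnable", "5"
        objUser.SetInfo
    End If
    ' Capture the outcome first: On Error GoTo 0 resets the Err object.
    lngErrNumber = Err.Number
    strErrText = Err.Number & ": " & Err.Description
    On Error GoTo 0

    If lngErrNumber <> 0 Then
        objLogFile.WriteLine "ERROR: Unfortunately, the required mobile attribute generated an error can could not be set. Program execution halted."
        objLogFile.WriteLine "Failed object: " & strDN & " (" & strErrText & ")"
        WScript.Echo "ERROR: Unfortunately, the required mobile attribute generated an error can could not be set. Program execution halted."
        ' Close the log before quitting; statements after WScript.Quit never run.
        objLogFile.Close
        Set objFSO = Nothing
        WScript.Quit 1
    Else
        objLogFile.WriteLine "User mobile properties successfully modified: " & objUser.Name
        WScript.Echo "User mobile properties successfully modified: " & objUser.Name
    End If

    objRecordSet.MoveNext
Loop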
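'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Clean up
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Writes the end marker, then releases the directory query objects and the log file.
objLogFile.WriteLine "End Program"
WScript.Echo "End Program"

' Close the ADO recordset and connection opened for the directory search.
objRecordSet.Close
objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing

objLogFile.Close
Set objLogFile = Nothing
Set objFSO = Nothing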
I'm hoping there is a way to do this per user instead of per OU.
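I figured out that there is a cmdlet in PowerShell which shows whether ActiveSync is enabled for a mailbox.
If you run `Get-CASMailbox | Get-Member`, the output lists an ActiveSyncEnabled property.
The matching Set-CASMailbox cmdlet takes an -ActiveSyncEnabled parameter, so the setting can be changed per mailbox rather than per OU, for example `Set-CASMailbox -Identity <user> -ActiveSyncEnabled $false`.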
See these links:
http://exchangepedia.com/blog/2007/09/exchange-server-2007-how-to-get-list-of.html http://msexchangeteam.com/archive/2006/03/03/421149.aspx